OnePlus has fixed a vulnerability in its out-of-warranty repair invoicing system, and claims it was done before it could have been exploited to gain customer details in the US. Tipster Eric Lang informed Android Police about this issue, which was subsequently patched by OnePlus. According to the company, it found no evidence of any purposeful attempts to access user data and no credit card or payment information was accessible.
According to a report by Android Police, the vulnerability was discovered on June 30. The third-party vendor which handles out-of-warranty repairs for OnePlus devices in the US, would send a link to customers to make the payment for the repairs. However, anyone with access to the link was able to see the customers details, such as name, order number, address, phone number, email, IMEI, etc. This was brought to light thanks to a tip sent by user Eric Lang, to Android Police who then reportedly worked with OnePlus to get this issue resolved.
This has affected only US customers and has been fixed on July 2, according to a statement from OnePlus. However, it's uncertain for how long this vulnerability existed. Previously, OnePlus was in the spotlight for a security issue which existed in the API of its ‘Shot on OnePlus' app, which leaked email address of individuals. Back in 2018, the integrity of the company's online store came into question, as users reported fraudulent transactions being made on their credit cards, which were previously used to purchase items from the company's website.
Is OnePlus 8 Pro the perfect premium phone for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.